HHS proposes stronger privacy protections under HIPAA

Proposed changes to the HIPAA privacy regulations would expand patients' rights to access their information and restrict certain types of disclosures of protected health information to health plans, according to InformationWeek. The plan is a response to the American Recovery and Reinvestment Act, which requires HHS to modify the HIPAA regulations that have been in place since 2003 by strengthening the privacy and security protections for health information.

Expanding individuals' rights to access their information and to restrict certain kinds of disclosures of protected health information to health plans;

Requiring business associates of HIPAA-covered entities to follow most of the same rules as the covered entities;

Setting new limitations on the use and disclosure of protected health information for marketing and fund raising; and

Prohibiting the sale of protected health information without patient authorization.

HHS also unveiled a Health Data Privacy and Security Resources website where you can learn about HHS privacy policies.

"We want to make sure it is possible for patients to have maximal control over PHI," national health IT coordinator Dr. David Blumenthal said at an HHS press conference. The statement--and the proposal itself--thrilled healthcare privacy hawk Dr. Deborah Peel. Her organization, the Patient Privacy Rights Foundation, put out a statement strongly in favor of the changes, saying that the proposed rule "signaled a clear policy change in the Obama administration, strengthening consumer rights to health privacy."

The American Health Information Management Association also came out in favor of the plan. "[T]he new regulations enhance individuals' access and control over EHRs and, therefore, trust in EHRs and the electronic exchange of health information," AHIMA says in a press release. "This is important as our nation works to improve the health of individuals by having accurate health information available where and when it is needed to treat patients."

If any groups are opposed to the changes, we haven't heard from them yet.

To learn more:- read the proposed rule issued by HHS on July 8- read this Computerworldarticle via Businessweek- take a look at CMIO's article- read the InformationWeekstory- see this AHIMA press release- check out this statement from the Patient Privacy Rights Foundation, which includes a video of the HHS press conference

Comments

Join 51,000+ Insiders

SIGN UP FOR OUR NEWSLETTER

FierceHealthIT is the leading source of Healthcare IT news with a special focus on EHR adoption, Telemedicine, HIPAA compliance and other critical areas. Join 51,000 healthcare industry insiders who get FierceHealthIT via daily email for their must know IT news. Sign up today!

THE LIBRARY: WHITEPAPER

This brief provides guidelines for appropriate use of personal mobile devices in the workplace to ensure the confidentiality of protected information and improve staff efficiency. Download this report to learn more.

FEATURED ADVISOR

Roger Neal is the vice president of IT and CIO for the 145-bed Duncan (Okla.) Regional Hospital. He has led projects including the installation of a hospital-wide PACS, electronic nursing documentation systems, integrated physician office systems and patient safety systems. He received a Master of Science degree in telecommunications management from Oklahoma State University.

FierceHealthIT is the leading source of Healthcare IT news with a special focus on EHR adoption, Telecmedicine, HIPAA compliance and other critical areas. Join 51,000 healthcare industry insiders who get FierceHealthIT via daily email for their must know IT news.